There are numerous tools used in the Penetration Testing (pen testing) process, and there are plenty of books that go into how to use the individual tools. There are very few resources that discuss how the tools are used and how to approach the process. When Henry Qin at the Duke University ACM Chapter approached EthicalHacker.net on doing a presentation for his organization on the tools and process of pen testing, I jumped at the opportunity. The following videos encompass the basic outline of what was presented at Duke with some minor changes.

The first video takes the viewer through the initial network recon stage of pen testing and then follows up with actual exploitation using Metasploit. Initially the network is scanned through Nmap, and after some basic discovery and information gathering, the scan continues to Nessus. Nessus is a vulnerability scanning tool that allows the user to analyze a host for vulnerabilities, but also has the ability to export reports. The video then walks the viewer through importing the Nessus vulnerabilities directly into Metasploit in order to determine which Metasploit modules correspond to the Nessus vulnerabilities for the specific host. The module data is then used to compromise a remote Microsoft Windows XP box.

The second video will cover some of the post-exploitation tasks that a pen tester may use. It begins with some basic Meterpreter tasks. Meterpreter is a specialized pen testing shell that is included in Metasploit as a payload. Using Meterpreter, password hashes are obtained from the exploited machine, and 0phcrack is used to crack the passwords. While the passwords are cracking, the viewer is taken back to Meterpreter in order to create a hidden cmd.exe shell on the remote host, and create a new user and add that user to the Administrators group.

While these are just a few of the tasks that a pen tester will perform, these videos should whet the appetite for more knowledge. Many of these tools are covered in-depth and with an emphasis on the process, skills, and mindset necessary to become a pen tester in the SANS Security 560 class: Network Penetration Testing and Ethical Hacking. I highly recommend this class if you are interested in learning more about these tools and how to effectively leverage them. Another well received course is the Offensive Security 101 AKA OSCP class which uses the Backtrack Live distribution . The Backtrack Live distribution contains many of the tools discussed in the videos and the course is designed by the designers of Backtrack. Other great resources can be found on the home pages for each of the tools listed below, and of course, The Ethical Hacker Network.

Ryan Linn, CISSP, MCSE, GPEN – Ryan is currently an Information Security Engineer at SAS Institute. Employed in the computer industry since 1997, he has held positions ranging from web developer to Unix Systems Programmer at a large university to his current position in Information Security. Ryan has been responsible for working with large scale deployments of various flavors of *nix, high availability web and database clusters, as well as for application programming in high availability environments. In the past few years, Ryan has incorporated Windows security into his responsibilities, and is now part of the team responsible for information security globally in one of the largest privately held software companies in the world.

Upcoming Industry Events

CarolinaCon 11 The Last CarolinaCon As We Know It More info coming soon. CarolinaCon is an annual conference in North Carolina that is dedicated to sharing knowledge about technology, security and information rights. CarolinaCon also[...]

InfoSec World 2015 The MISTI team is excited to bring you a lineup of conference sessions, workshops and summits that address the most pressing matters in information security today. With a selection of our top-rated[...]

RSA Conference 2015 – USA Same time, same place, same humongous crowds! RSA Conference 2015 is not specifically focused on hacking, pentesting and the like, but it is the largest general information security event and[...]

THOTCON 0x6 THOTCON (pronounced \ˈthȯt\ and taken from THree – One – Two) is a small venue hacking conference based in Chicago IL, USA. This is a non-profit, non-commercial event looking to provide the best[...]

BSides Chicago 2015 Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and[...]

CEIC 2015 It’s no exaggeration to say that CEIC (Computer and Enterprise Investigations Conference) is the biggest digital-investigations conference of its kind and the only one to offer hands-on lab sessions and training for practical skills[...]

OWASP AppSecEU 2015 The BeNeLux chapters will host the OWASP AppSec Europe Research 2015 global conference in Amsterdam, The Netherlands from May 19-22. Amsterdam is the capital of the Netherlands and the largest city of[...]

ShowMeCon 2015 St. Louis’ Hacking & Cyber Security Con ShowMeCon. The name says it all. Known as the Show Me State, Missouri is home to St. Louis-based ethical hacking firm, Parameter Security, and security training[...]